Sony’s security nightmare appears to be a case of ransom

For two straight days, IT experts have scrambled to undo a massive cyberattack that has locked employees of Sony Pictures out of their work computers. It appears the machines are being held ransom – though little is known about how or who’s doing it. 

The news first leaked on Monday, Nov. 24, that users at Sony were unable to access their computers to do any work.

A leaked photo showed the following message:

“Hacked By #GOP Warning: We’ve already warned you, and this is just a beginning. We continue till our request be met. We’ve obtained all your internal data, including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world. Determine what will you do till November the 24th, 11:00 PM (GMT).”

The message isn’t very subtle. It appears hackers have made demands of Sony which weren’t met and locked users out of their accounts as a result, promising to release sensitive data.

Documents dumped

So far, the hackers have allegedly dumped documents that are being pored over by curious onlookers (and likely a fair share of nefarious characters).

And according to The Register, “Included files were named ‘Jana’s passwords.xls’, ‘Extranet Oracle & SQL passwords 4.3.06.txt’, and ‘ACCOUNTS WITHOUT PASSWORDS.xls.'”

One would hope those files don’t actually contain what it seems like they do. But titles that descriptive would seem to indicate otherwise.

Was not paying the right move?

If Sony Pictures was sent a demand for ransom (which seems likely) and it didn’t comply (also likely), chances are that it made the right move. It’s purely speculation that this is what happened, but it seems to be the rough outline of events.

That may have actually been the best move, though it’s hard to see that now. There’s never a guarantee that paying up will lead to information not being leaked. It could only drive prices up.

Companies would be wise to have these policies in writing and agreed upon ahead of time, though – especially with the rise of ransomware. Regardless of your company’s decision, key decision-makers should be aware of it before it’s needed.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy